Mysterious process running on Windows 7 machine

I have a Startup Item (in MSCONFIG) called “Xyoquhifydyr” from an unknown manufacturer that runs the command C:\Users\username\AppData\Roaming\Riyrqe\taywle.exe located in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Has anyone seen this before or know what it might be? Task Manager shows three or four instances of taywle.exe running at any given time. When I end any of those instances, they restart almost immediately.

Typically, any time you have something running in AppData that has random naming like that, it is malicious. 9 times out of 10, if you have something running that has a somewhat random-looking name, you can google it and something will come up. I would advise getting Malwarebytes, Security Essentials or something like that and doing a full scan of your computer. Another piece of software that I've found useful is RogueKiller. You may also want to run CCleaner first to make sure it clears out temp files before scanning, or the scans will take quite a bit longer. You can also use CCleaner to stop startup processes instead of using msconfig and having to reboot afterward. When using CCleaner, I typically open it and go directly to Options -> Advanced and uncheck "Only delete files in Windows Temp folders older than 24 hours" and "Only delete files in Recycle bin older than 24 hours". Then back to the Cleaner tab and "Run Cleaner". Then scan your computer for malware. As far as Malwarebytes goes, I would go ahead and enable the trial and do a flash scan. Make sure, though, to right-click the icon in your taskbar by your clock and uncheck Start with Windows, Website Blocking and File checker.
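A read-only triage sketch for the pattern described in this thread (a Run-key autostart entry pointing at a randomly named executable under AppData). This is an added example, not part of the original posts. It uses only built-in cmdlets available in PowerShell 2.0 on Windows 7; the "target under AppData" filter is an assumed heuristic and will also list legitimate per-user software.

```powershell
# Read-only: list Run-key autostart entries whose target sits under AppData,
# with publisher, Authenticode status and number of running instances.
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Bookkeeping properties that Get-ItemProperty adds to every result
$psMeta  = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties |
             Where-Object { $psMeta -notcontains $_.Name }
    foreach ($p in $props) {
        # Expand %APPDATA% etc., then pull the executable path out of the command line
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if     ($cmd -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else                                    { $exe = $cmd.Trim() }

        # Heuristic (assumption): only report targets in a user-writable AppData path
        if ($exe -notmatch '\\AppData\\') { continue }

        $company = '(file missing)'; $sig = 'n/a'; $running = 0
        if (Test-Path -LiteralPath $exe) {
            # An empty CompanyName is what msconfig shows as an unknown manufacturer
            $company = (Get-Item -LiteralPath $exe -Force).VersionInfo.CompanyName
            if (-not $company) { $company = '(none)' }
            $sig     = (Get-AuthenticodeSignature -FilePath $exe).Status
            $running = @(Get-Process | Where-Object { $_.Path -eq $exe }).Count
        }

        New-Object PSObject -Property @{
            Key       = $key
            Name      = $p.Name
            Target    = $exe
            Company   = $company
            Signature = $sig
            Running   = $running
        } | Select-Object Key, Name, Target, Company, Signature, Running
    }
}
```

An entry with no company name, a `NotSigned` status and several running instances matches what the original poster describes and is worth scanning first.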

The responses indicating it is malware are correct, so I will just add a bit to that. I would make the file inactive before doing the scans. Boot to Safe Mode and delete the Riyrqe file, then boot to normal mode and run the scans that were suggested. My presumption is that the program will not be running in Safe Mode (generally, but not always the case) and it will make it MUCH easier for the anti-malware programs to clean it up.

While the supposition that the malware most likely won't be active or at least fully functional in safe mode may very well be correct, if you can run MWB or other antimalware programs in normal mode that is usually better. You're running these programs to delete the malware and they will probably do a "better" job while running in normal mode and with the malware doing its thing. Having said that, there are times when the malware will keep programs such as MWB from doing its thing in normal mode and in those cases I first boot to safe mode, run the antimalware program(s) and then reboot into normal mode and run them again. Sometimes I'll even run MWB in a full scan mode. Typically that will take care of things.

While I was not the topic advisor, I'll chime in with what I've heard. MWB is really meant to be run from normal mode. It's how it was designed and where it works best. As I've mentioned in my post, that is my preferred method of running it. However, there are times when the infection will not even let it be installed, let alone be run, and in those situations, if you really want to run MWB, going to safe mode is about the only option.

RE: MWB in Safe Mode
I will often run MWB in Safe Mode and then run it after a normal boot. Other than the fact that this takes additional time, are you suggesting that MWB may not be as effective in this manner?
